AF_UNIX relaxed security patch
Thu Aug 16 07:37:00 GMT 2001
Thursday, 16 August, 2001 Jason Tishler firstname.lastname@example.org wrote:
JT> I believe that the following patch:
JT> and specifically this portion:
JT> is preventing PostgreSQL AF_UNIX socket clients from being able to
JT> connect to postmaster when it is running under a different user account.
JT> This lead to the following bug report on the Cygwin mailing list:
JT> The attached patch relaxes the security so that this problem is mitigated.
JT> However, I admit to not fully grokking the security ramification of
JT> my change. Did I open up access to secret_event too much?
no. security is provided by proper permissions on socket file and
randomness of event name. as long as some application _knows_ the name
of event, it should be able to signal it.
a bit more "pedantic" solution is to get security info from socket
file and apply it to event. But, iirc, under win32 one should have a
special permission to obtain security information.
JT> Is there a better way to fix this problem?
i think this patch is correct. i've checked it in. Thanks for tracking
it down and fixing!
Egor. mailto:email@example.com ICQ 5165414 FidoNet 2:5020/496.19
More information about the Cygwin-patches